landing_page-logo
Sign Up
R logo

Member of Technical Staff - Security

RunlayerUnited States, California
Apply with Sonara

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.1

Reclaim your time by letting our AI handle the grunt work of job searching.

We continuously scan millions of openings to find your top matches.

pay-wall

Overview

Schedule
Full-time
Career level
Senior-level
Benefits
Health Insurance
Dental Insurance
Vision Insurance

Job Description

AI is transforming how every company operates, but most enterprises are stuck. They want to move fast with AI agents, tools, and workflows, but they can't do it safely. We're fixing that.

Our team built AI Actions for OpenAI, shipped Zapier Agents to millions of users, and launched the first remote MCP server with Anthropic. The co-creator of MCP is on our cap table. We helped establish the protocol, and now we're building the platform enterprises need to actually use it.

Runlayer is one platform for MCPs, Skills, and Agents. Purpose-built security, fine-grained governance, and complete observability so organizations can push AI forward across the entire company without the risk. We raised $11M from Khosla Ventures and Felicis, and customers include Gusto, Instacart, and Opendoor.

We're a team of 25, mostly engineers, shipping fast. If you want to work at the center of how AI gets things done, this is the moment.

As our second Security Engineer, you'll build the security scanning and detection products that protect enterprise AI. You own the Runlayer Watch products (static and dynamic scanning), shadow detection of unregistered agents and servers, and AppSec for the platform itself.

Why You'll Thrive Here

  • Impact: Build the security layer for the AI agent infrastructure category, directly shaping how enterprises adopt AI safely

  • Excellence: Work alongside founders from Zapier's AI team and a team of senior engineers from top cyber backgrounds

  • Ownership: Own detection products end-to-end, from threat modeling through shipped features

What You'll Do

  • Build and improve Watch products: static and dynamic scanning for MCP servers, skills, plugins, and agent behavior detection on endpoints

  • Develop shadow detection: identify unregistered MCP servers, skills, plugins, and agents running outside governance across the enterprise

  • Own AppSec for the platform: penetration testing, vulnerability management, dependency scanning, and security hardening of the control plane

  • Build automated version scanning: CI/CD-integrated security checks that run on each new MCP server version, skill update, or plugin release

  • Extend detection coverage to CLI agents (Codex, OpenCode) and browser-based agents

What We're Looking For

  • 8+ years in security engineering with deep experience in application security, security tooling development, or endpoint detection

  • Builder, not operator. You've created scanning or detection systems: parsers, rule engines, analysis pipelines.

  • Experience with shadow IT detection, asset discovery, or endpoint monitoring in enterprise environments

  • Strong Python skills (our scanning pipeline and platform backend are Python/FastAPI)

  • Understanding of API and gateway attack patterns: SSRF, token theft, injection, supply-chain attacks

  • Awareness of emerging AI/LLM security threats: prompt injection, tool poisoning, jailbreaking, indirect prompt injection through tool responses

Bonus Qualifications

  • Experience with MCP, AI agents, or LLM security specifically

  • Background in building commercial security products (not just internal tooling)

  • Network in enterprise security (SVCI, Israeli security community, etc.)

What We Offer

We provide a competitive package designed to attract and retain top talent who can work effectively with enterprise customers.

  • Competitive salary and equity — compensation that reflects your expertise and customer-facing responsibilities.

  • Paid time off — 4 weeks paid vacation, paid sick leave, and paid parental leave.

  • Professional development — budget for conferences, courses, and certifications in AI, enterprise software, and customer success.

  • Top-tier equipment — your choice of laptop and accessories to create your ideal work environment.

  • Health benefits — comprehensive health, dental, and vision coverage.

  • Customer interaction opportunities — work directly with innovative companies and see the immediate impact of your work.

Not quite the right fit? Reach out to careers@runlayer.com with details about your experience and interests.

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.

Apply with SonaraApply manually
pay-wall

FAQs About Member of Technical Staff - Security Jobs at Runlayer

What is the work location for this position at Runlayer?
This job at Runlayer is located in United States, California, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.
What pay range can candidates expect for this role at Runlayer?
Employer has not shared pay details for this role.
What employment applies to this position at Runlayer?
Runlayer lists this role as a Full-time position.
What experience level is required for this role at Runlayer?
Runlayer is looking for a candidate with "Senior-level" experience level.
What benefits are offered by Runlayer for this role?
Runlayer offers following benefits: Health Insurance, Dental Insurance, Vision Insurance, Paid Vacation, Paid Sick Leave, Parental and Family Leave, and Career Development for this position. Actual benefits may vary depending on the employer's policies and employment terms.
What is the process to apply for this position at Runlayer?
You can apply for this role at Runlayer either through Sonara's automated application system, which helps you submit applications 10X faster with minimal effort, or by applying manually using the direct link on the job page.